General

  • Target

    a016a355a63ce814e6dd9a48879c378a4b626f9131981e1f93337abc8fb8ec83

  • Size

    1.6MB

  • Sample

    240719-btff3syhnf

  • MD5

    018cf7e4cb3a2d3dddbd5e0ec1bae403

  • SHA1

    664179fe95117bc2fc0fd99828e4a8b0bbaec315

  • SHA256

    a016a355a63ce814e6dd9a48879c378a4b626f9131981e1f93337abc8fb8ec83

  • SHA512

    65fcda6897a7d04bf1f41c31efcfe9c91d2584408859d45d5fe97b7427adce91b635a25e3d6c157cb10b5d54f0237fa87804e8451cd2786de5c52658aa2387c7

  • SSDEEP

    49152:N/KNy9Tc8xEVe+jetSoLs/4gK/XLmTzquqUnN:FcQc8ONjsf1t0qQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.grupovamex.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    tTgUWMBntHIE
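The extracted configuration above is the sample's exfiltration channel: Agent Tesla uploads stolen credentials and keystroke logs over plain FTP to that host and account. The following is an added example, not part of the sandbox report, showing how a responder would turn the config into a hunt over Zeek `ftp.log` records. The log rows, the victim addresses and the DNS resolution of `ftp.grupovamex.com` to `203.0.113.7` (an RFC 5737 documentation address) are constructed for the example; the host, port and password come from the config on this page. The username field is elided on the page, so the hunt keys on destination and password rather than on the account name.

```python
# Added example (not from the sandbox report): hunt Zeek ftp.log records for
# the Agent Tesla FTP exfiltration config extracted from this sample.
from __future__ import annotations

# Indicators taken from the extracted config on this page.
EXFIL_HOST = "ftp.grupovamex.com"
EXFIL_PORT = 21
EXFIL_PASSWORD = "tTgUWMBntHIE"

# Assumption: the C2 hostname resolved to this address in the victim's
# dns.log. 203.0.113.7 is a documentation address, not the real resolution.
RESOLVED_HOSTS = {"203.0.113.7": EXFIL_HOST}

# Standard Zeek ftp.log column names, in the order Zeek writes them.
FIELDS = [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "user", "password", "command", "arg", "mime_type", "file_size",
    "reply_code", "reply_msg",
]

# Constructed rows (not real telemetry). The third row shows the default
# Zeek behaviour of redacting the password, so destination alone must match.
_ROWS = [
    ("1721383200.123", "CAbc1", "10.0.0.15", "49712", "203.0.113.7", "21",
     "victim", "tTgUWMBntHIE", "STOR", "PW_host-10-0-0-15.html",
     "text/html", "4821", "226", "Transfer complete"),
    ("1721383260.500", "CDef2", "10.0.0.22", "50001", "198.51.100.9", "21",
     "anonymous", "<hidden>", "RETR", "update.txt",
     "text/plain", "120", "226", "Transfer complete"),
    ("1721383300.001", "CGhi3", "10.0.0.15", "49800", "203.0.113.7", "21",
     "victim", "<hidden>", "STOR", "KL_host-10-0-0-15.html",
     "text/html", "9102", "226", "Transfer complete"),
]
SAMPLE_FTP_LOG = "\n".join(
    ["#separator \\x09", "#path\tftp", "#fields\t" + "\t".join(FIELDS)]
    + ["\t".join(row) for row in _ROWS]
)


def parse_zeek_log(text: str) -> list[dict[str, str]]:
    """Parse a tab-separated Zeek log using its own #fields header."""
    fields: list[str] | None = None
    records: list[dict[str, str]] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # header missing or malformed row: skip, do not crash
        records.append(dict(zip(fields, values)))
    return records


def hunt_agenttesla_ftp(records: list[dict[str, str]],
                        resolved_hosts: dict[str, str] = RESOLVED_HOSTS
                        ) -> dict[str, list[str]]:
    """Return {uid: [reasons]} for FTP sessions that match the exfil config."""
    hits: dict[str, list[str]] = {}
    for rec in records:
        reasons: list[str] = []
        # Password is only visible if Zeek was configured to capture it.
        if rec.get("password") == EXFIL_PASSWORD:
            reasons.append("password matches extracted config")
        dest = resolved_hosts.get(rec.get("id.resp_h", ""))
        if dest == EXFIL_HOST and rec.get("id.resp_p") == str(EXFIL_PORT):
            reasons.append(f"destination resolves to {EXFIL_HOST}")
            # Agent Tesla only ever pushes data to the server; a STOR to the
            # C2 is the exfiltration event itself.
            if rec.get("command") == "STOR":
                reasons.append(f"upload to C2: {rec.get('arg')}")
        if reasons:
            hits[rec["uid"]] = reasons
    return hits


if __name__ == "__main__":
    for uid, why in hunt_agenttesla_ftp(parse_zeek_log(SAMPLE_FTP_LOG)).items():
        print(uid, "->", "; ".join(why))
```

Zeek writes `<hidden>` in the password column by default, so in most deployments only the destination match fires; the password match is a bonus where capture was enabled. Resolving `id.resp_h` through `dns.log` rather than hard-coding an address keeps the hunt valid when the operator moves the hostname to a new IP.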

Targets

    • Target

      de compra BF-161000401.exe

    • Size

      1.8MB

    • MD5

      5cefc3cb0c3ae4641ad13cc1ba4fdb8d

    • SHA1

      6b6a9b062c03bfc1d424e04335bc845ee72a1647

    • SHA256

      83f12ad49ad0352bf087afe66a5bf55fd5fe0b1fff08415454280173612f60d3

    • SHA512

      4e1157c778da1de34ec5b94a12f9974ebe2a286f48a7a1023cefd0f2d333569a7c83e9b76604c4275bd36213e1de8aba27215d4c094eb6ae2f5d24f478b09059

    • SSDEEP

      49152:nnVL3gGsHkejStio5c3+Jbh8704UOsCuOS:nxg1Dj41S00sCuB

    • AgentTesla

      Agent Tesla is a .NET-based remote access trojan and credential stealer (originally written in Visual Basic); it harvests saved browser, mail and FTP client credentials plus keystrokes and exfiltrates them over SMTP, FTP or HTTP, here via the FTP account shown in the extracted config.

    • AutoIT Executable

      AutoIt script compiled into a PE executable (the AutoIt interpreter with the script embedded as a resource); the script can be recovered with an AutoIt decompiler rather than by analysing the stub's native code.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (usually suspended) thread; combined with WriteProcessMemory and ResumeThread it is the classic process hollowing / injection pattern, consistent with the AutoIt stub loading the Agent Tesla payload into another process.
